JFrog Artifactory intermittently refuses authentication with 403 Forbidden

Les*_*ter 5 artifactory http-headers

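We are having a hard time configuring zypper clients (SLES and OpenSUSE) to work with our JFrog RPM Repository because of some "authentication" issues. At first I thought this was only a problem with zypper on openSUSE, so I focused my effort first on getting zypper to work. That was the previous question.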

However, yum clients (CentOS) also hit these authentication-related errors from time to time, although not as often.

So I tried a man-in-the-middle to see what was happening behind the scenes, and this is the sequence for zypper:


Scenario 1 - authentication succeeds

Here is the sequence for a zypper refresh --repo myrepo:

(1) zypper sends an HTTP HEAD request with base64-encoded username:

HEAD /myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml HTTP/1.1
Host: rpm.example.com
Authorization: Basic dXNlcm5hbWU6
User-Agent: ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64
Accept: */*
Connection: close

(2) JFrog responds with HTTP 401 Unauthorized and a WWW-Authenticate header:

HTTP/1.1 401 Unauthorized
Date: Thu, 28 May 2020 08:20:04 GMT
Content-Type: application/json;charset=ISO-8859-1
Connection: close
Server: Artifactory/7.4.3 70403900
X-Artifactory-Id: 2148103ba10eacbb:-16f1c4c1:172093a231a:-8000
X-Artifactory-Node-Id: artifactory-server
WWW-Authenticate: Basic realm="Artifactory Realm"

(3) zypper sends another HTTP HEAD request, this time with base64-encoded username:password

HEAD /myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml HTTP/1.1
Host: rpm.example.com
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
User-Agent: ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64
Accept: */*
Connection: close

(4) JFrog finally responds with HTTP 200

HTTP/1.1 200 OK
Date: Thu, 28 May 2020 08:20:04 GMT
Content-Type: application/xml
Content-Length: 1394
Connection: close
Server: Artifactory/7.4.3 70403900
X-Artifactory-Id: 2148103ba10eacbb:-16f1c4c1:172093a231a:-8000
X-Artifactory-Node-Id: artifactory-server
Last-Modified: Fri, 08 May 2020 10:25:19 GMT
Accept-Ranges: bytes
X-Artifactory-Filename: repomd.xml
Cache-Control: no-store

These are logged by Artifactory:

artifactory-request.log

2020-05-28T08:20:34.566Z [5f78297c2aeabaa8] [DENIED LOGIN]   for client : username / 213.1.1.1. 
2020-05-28T08:20:34.870Z [570978212a5318e3] [ACCEPTED DOWNLOAD] myapp-release-rpm-cache:stable/myapp/2019/3/repodata/repomd.xml  for client : username / 213.1.1.1.

artifactory-access.log

2020-05-28T08:20:34.566Z|5f78297c2aeabaa8|213.2.2.2|non_authenticated_user|HEAD|/myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml|401|-1|0|8|ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64
2020-05-28T08:20:34.721Z|8018b7cbc9c424e8|213.2.2.2|username|HEAD|/myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml|200|-1|1394|3|ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64
2020-05-28T08:20:34.870Z|570978212a5318e3|213.2.2.2|username|GET|/myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml|200|-1|1394|2|ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64
...

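So basically, when zypper makes the HEAD request, JFrog says "you are not authenticated", then zypper responds and tries to authenticate, and finally JFrog authenticates zypper. So far this makes sense.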


Scenario 2 - 403 Forbidden

Do some work, then run the same zypper refresh --repo myrepo command a few minutes or so later, and this is the result:

(1) zypper sends an HTTP HEAD request with base64-encoded username:

HEAD /myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml HTTP/1.1
Host: rpm.example.com
Authorization: Basic dXNlcm5hbWU6
User-Agent: ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64
Accept: */*
Connection: close

(2) JFrog responds with HTTP 401 Unauthorized and a WWW-Authenticate header:

HTTP/1.1 401 Unauthorized
Date: Thu, 28 May 2020 08:30:44 GMT
Content-Type: application/json;charset=ISO-8859-1
Connection: close
Server: Artifactory/7.4.3 70403900
X-Artifactory-Id: 2148103ba10eacbb:-16f1c4c1:172093a231a:-8000
X-Artifactory-Node-Id: artifactory-server
WWW-Authenticate: Basic realm="Artifactory Realm"

(3) zypper sends another HTTP HEAD request, this time with base64-encoded username:password

HEAD /myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml HTTP/1.1
Host: rpm.example.com
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
User-Agent: ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64
Accept: */*
Connection: close

(4) This time, JFrog responds with 403 Forbidden instead of 200 OK.

HTTP/1.1 403 Forbidden
Date: Thu, 28 May 2020 08:30:44 GMT
Content-Type: application/json;charset=ISO-8859-1
Connection: close
Server: Artifactory/7.4.3 70403900
X-Artifactory-Id: 2148103ba10eacbb:-16f1c4c1:172093a231a:-8000
X-Artifactory-Node-Id: artifactory-server
WWW-Authenticate: Basic realm="Artifactory Realm"

artifactory-request.log

2020-05-28T08:30:44.496Z [46c81a2450623166] [DENIED LOGIN]   for client : username / 213.1.1.1.
2020-05-28T08:30:44.630Z [769ed41c652daa7a] [DENIED LOGIN]   for client : username / 213.1.1.1.

artifactory-access.log

2020-05-28T08:30:44.496Z|46c81a2450623166|213.2.2.2|non_authenticated_user|HEAD|/myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml|401|-1|0|9|ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64
2020-05-28T08:30:44.630Z|769ed41c652daa7a|213.2.2.2|non_authenticated_user|HEAD|/myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml|403|-1|0|1|ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64

Note that when asked to authenticate, zypper sends the same Authorization header value, but in the second scenario JFrog fails to authenticate the request.

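Has anyone run into the same problem with JFrog before? We suspect this is a JFrog 7 issue, since our JFrog was only recently upgraded to 7, but we have not been able to verify this. Unfortunately for us, we are on a paid plan, without even a support license.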

Any suggestions and comments would be much appreciated.

Additional information

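It is worth noting that yum clients (CentOS and RHEL) do not have this problem with JFrog Artifactory, most likely because yum always sends the username and password hash in the HTTP headers, thereby avoiding the 401 Unauthorized re-authentication sequence.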

More details

I filed a bug report with JFrog last May and have not received any update so far.
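
The two access-log patterns above can be told apart mechanically. The following is an added example, not part of the original post and not JFrog tooling: it pairs each 401 challenge in artifactory-access.log with the same client's retry and reports whether the retry was accepted or rejected, and it decodes the two captured Authorization values to show that the first probe carries an empty password. The field order is inferred from the sample lines, and the function names are hypothetical.

```python
import base64
from datetime import datetime, timedelta

# Access-log lines copied from the two scenarios in the question.
UA = "ZYpp 17.19.0 (curl 7.60.0) openSUSE-Leap-15.1-x86_64"
PATH = "/myapp-release-rpm/stable/myapp/2019/3/repodata/repomd.xml"
SAMPLE = [
    f"2020-05-28T08:20:34.566Z|5f78297c2aeabaa8|213.2.2.2|non_authenticated_user|HEAD|{PATH}|401|-1|0|8|{UA}",
    f"2020-05-28T08:20:34.721Z|8018b7cbc9c424e8|213.2.2.2|username|HEAD|{PATH}|200|-1|1394|3|{UA}",
    f"2020-05-28T08:20:34.870Z|570978212a5318e3|213.2.2.2|username|GET|{PATH}|200|-1|1394|2|{UA}",
    f"2020-05-28T08:30:44.496Z|46c81a2450623166|213.2.2.2|non_authenticated_user|HEAD|{PATH}|401|-1|0|9|{UA}",
    f"2020-05-28T08:30:44.630Z|769ed41c652daa7a|213.2.2.2|non_authenticated_user|HEAD|{PATH}|403|-1|0|1|{UA}",
]


def parse(line):
    # Assumption: field order is inferred from the sample lines, not from JFrog docs.
    ts, trace, ip, user, method, path, status = line.split("|")[:7]
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ"), "trace": trace,
            "ip": ip, "user": user, "method": method, "path": path, "status": int(status)}


def challenge_outcomes(lines, window=timedelta(seconds=5)):
    """Pair each 401 challenge with the same client's next request for that path."""
    events = sorted((parse(l) for l in lines if l.count("|") >= 6), key=lambda e: e["ts"])
    out = []
    for i, ev in enumerate(events):
        if ev["status"] != 401:
            continue
        key = (ev["ip"], ev["method"], ev["path"])
        retry = next((n for n in events[i + 1:]
                      if (n["ip"], n["method"], n["path"]) == key
                      and n["ts"] - ev["ts"] <= window), None)
        if retry is None:
            outcome = "no-retry"
        elif retry["status"] == 200:
            outcome = "accepted"
        else:
            outcome = f"rejected-{retry['status']}"
        out.append((ev["trace"], retry["trace"] if retry else None, outcome))
    return out


def basic_credentials(value):
    """Decode an 'Authorization: Basic ...' value into (user, password_is_empty)."""
    user, _, password = base64.b64decode(value.split()[-1]).decode().partition(":")
    return user, password == ""


if __name__ == "__main__":
    print(challenge_outcomes(SAMPLE))
    print(basic_credentials("Basic dXNlcm5hbWU6"))
```

Run over a full access log, a rising share of rejected-403 outcomes for one client and path points at the retry being refused rather than at wrong credentials being sent.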

max*_*040 0

Have you tried setting the baseurl to:

http://username:apikey@some.url/artifactory